Secret Security Holes Released to Public

A hacker claims to have stolen three security advisories from a corporate computer and posted them on a public mailing list, creating fresh dilemmas for users and software makers.

A self-proclaimed hacker claims to have stolen three unreleased security advisories from a corporate computer and posted them to a public mailing list. The online vandal, who uses the moniker “Hack4Life”, said on Wednesday that he stole advisories detailing flaws in a common set of Unix code, the Kerberos authentication system and some implementations of encryption for Web sites. He claims to have stolen them from a firm that had been working with the Computer Emergency Response Team (CERT) Coordination Center, a clearinghouse for security information. “I am not in any way connected with CERT or any of the vendors involved,” he wrote in an email. He added that he wouldn’t give further details of the break-in and that he primarily stole the information for amusement and to show off.

The outing of the advisories this weekend caused some consternation in the security world, because the companies involved didn’t have time to create patches for the problems before the information became publicly known. When a security problem is found in their products, software makers prefer to release the information after a patch is available.

OODA Analyst
